One of automobile manufacturer wanted to conduct VA for its web and mobile platform to provide driver with a convenient and easy to use interface to monitor and manage car.
Being an automobile manufacturer, the system security of a new car was a top priority. The vehicle’s web and mobile platforms were designed to provide drivers with a convenient and easy-to-use interface to monitor and manage the car.
As far as the performance is concerned, the platform is working accurately. To prevent this platform from any outside interference they wanted to uncover any unknown vulnerabilities that might put the driver or the vehicle at risk.
By focusing on the mobile application-programming interface, we have tested series of testing scenarios.
Using the credentials from a test account, we pivoted outside of an assigned environment. We have taken the control of other vehicles using Vehicle Identification Number.
By exploiting vulnerabilities discovered in hidden and undocumented interfaces, we were able to harness GPS, functions to locate cars, lock and unlock vehicles, and perform other malicious tasks.
- It has given comprehensive evaluation of Web and Mobile platform to the client and it helped in understanding loopholes or errors that could lead to major cyber-attacks.